Re: MD5 collisions found - alternative?
* Quoting Matthew Palmer (firstname.lastname@example.org):
> On Tue, Aug 24, 2004 at 09:11:34PM -0400, Michael Stone wrote:
> > On Wed, Aug 25, 2004 at 12:39:57AM +0200, Rolf Kutz wrote:
> > >This depends on how the attack really works. If
> > >you just need to flip a few bits in a document it
> > >might just look like typos (think crc32). If your
> > >document is a tarball or a .deb you might be able
> > >to insert a lot of "garbage" to it without being
> > >noticed.
> > Right, but is someone inserting garbage into a .deb really a threat? I'd
> > be more concerned about the insertion of malicious code...
> I imagine that the garbage would be to bring the md5sum back to the original
> to hide the trojan, rather than "hey, look, I can stick garbage on the end
> of the .deb and still keep the same md5sum! whee!".